Enforcing Security Permissions

Yohan Liyanage
Ranch Hand

Joined: Aug 17, 2007
Posts: 132

Hi,

I am building a distributed system where class files are downloaded from remote machines and executed locally. I use a custom ClassLoader implementation to retrieve necessary classes.

However, I want to ensure that the remote code which is executed locally is not allowed to use files, invoke System.exit()... etc. In other words, I want to ensure that the remote code is executed in a sandbox.

Also, I need to ensure that the rest of the application is not affected by these limitations.

If I am to use a SecurityManager and a policy file, how can I ensure that only the code remotely loaded by my class loader is limited from permissions?

Any suggestions to solve this issue are greatly appreciated.

Thanks.


Yohan Liyanage
http://blog.yohanliyanage.com
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
If I may plug my own stuff, this article describes how to use a classloader in conjunction with a security manager to restrict the loaded classes from certain operations. Source code is included.


Ping & DNS - updated with new look and Ping home screen widget
Yohan Liyanage
Ranch Hand

Joined: Aug 17, 2007
Posts: 132

Thanks a lot for the reply, Ulf.

I looked into the code, but found some methods are deprecated now, and I couldn't find an alternative way to get the code working without those methods (JavaDoc says to use checkPermission but I couldn't find out how that could be helpful to find which classloader loaded the class).

Finally, I got it working using policy files.

Here's what I did:


In my ClassLoader, I used the "http://my.remote.loaded.code.base" as the CodeSource when I defined my classes.

Code Base "file:/-" matches with rest of the classes, which are loaded from the file system.

So this way, I got my remote code running in a sandbox.
[ August 01, 2008: Message edited by: Yohan Liyanage ]
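
The approach described in the post above, sketched as an added example that is not the poster's code: a class loader defines the downloaded class under the remote code base, so the policy's `file:/-` grant does not apply to it. The class names, the policy file name and the local byte source are assumptions made for illustration, and it needs a JDK on which the Security Manager can still be enabled (it is deprecated for removal since Java 17).

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.security.CodeSource;
import java.security.SecureClassLoader;
import java.security.cert.Certificate;
// Added illustration, not the poster's code. Constructed policy file sandbox.policy:
//   grant codeBase "file:/-" { permission java.security.AllPermission; };
//   grant codeBase "http://my.remote.loaded.code.base" { };   // no permissions
// Run: java -Djava.security.manager -Djava.security.policy=sandbox.policy SandboxDemo
public class SandboxDemo {
    /** Stands in for a downloaded class: attempts an operation the sandbox should deny. */
    public static class Untrusted implements Runnable {
        @Override public void run() { System.getProperty("user.home"); }
    }

    /** Defines the untrusted class under the remote code base rather than a file: URL. */
    static class RemoteClassLoader extends SecureClassLoader {
        private final CodeSource remote;

        RemoteClassLoader(ClassLoader parent) throws Exception {
            super(parent);
            remote = new CodeSource(
                URI.create("http://my.remote.loaded.code.base").toURL(), (Certificate[]) null);
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            Class<?> loaded = findLoadedClass(name);
            if (loaded != null) return loaded;
            if (!name.equals(Untrusted.class.getName())) return super.loadClass(name, resolve);
            // Assumption: bytes come from the local classpath; a real loader fetches them remotely.
            try (InputStream in = getParent().getResourceAsStream(name.replace('.', '/') + ".class")) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] b = in.readAllBytes();
                return defineClass(name, b, 0, b.length, remote); // CodeSource selects the grants
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        ClassLoader loader = new RemoteClassLoader(SandboxDemo.class.getClassLoader());
        Runnable task = (Runnable) loader.loadClass(Untrusted.class.getName())
                                         .getDeclaredConstructor().newInstance();
        try { task.run(); System.out.println("not sandboxed"); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

The permission check walks the whole call stack, so the property read is denied even though `main` itself runs with `AllPermission`; without `-Djava.security.manager` the same program prints "not sandboxed".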